From 1f4d87e46e2364378fa9652b32db38e76d3b08fe Mon Sep 17 00:00:00 2001
From: ksjdragon
Date: Fri, 6 Feb 2015 21:28:29 -0500
Subject: [PATCH] removed insecure, disabled user editing of chromebooks/carts
---
 chromebook-checkout-meteor/.meteor/packages | 1 -
 chromebook-checkout-meteor/.meteor/versions | 1 -
 chromebook-checkout-meteor/client/checkout.js | 30 ++++++++++++++++++-
 .../collections/carts.js | 14 +--------
 .../collections/chromebooks.js | 14 +--------
 chromebook-checkout-meteor/server/users.js | 15 ++++++++--
 6 files changed, 44 insertions(+), 31 deletions(-)
diff --git a/chromebook-checkout-meteor/.meteor/packages b/chromebook-checkout-meteor/.meteor/packages
index b775eca..0f57d4b 100644
--- a/chromebook-checkout-meteor/.meteor/packages
+++ b/chromebook-checkout-meteor/.meteor/packages
@@ -5,7 +5,6 @@
 # but you can also edit it by hand.
 meteor-platform
-insecure
 iron:router
 momentjs:moment
 accounts-google
diff --git a/chromebook-checkout-meteor/.meteor/versions b/chromebook-checkout-meteor/.meteor/versions
index ff01616..9a178d1 100644
--- a/chromebook-checkout-meteor/.meteor/versions
+++ b/chromebook-checkout-meteor/.meteor/versions
@@ -26,7 +26,6 @@ html-tools@1.0.3
 htmljs@1.0.3
 http@1.0.9
 id-map@1.0.2
-insecure@1.0.2
 iron:controller@1.0.6
 iron:core@1.0.6
 iron:dynamic-template@1.0.6
diff --git a/chromebook-checkout-meteor/client/checkout.js b/chromebook-checkout-meteor/client/checkout.js
index 4397e06..f21d526 100644
--- a/chromebook-checkout-meteor/client/checkout.js
+++ b/chromebook-checkout-meteor/client/checkout.js
@@ -11,4 +11,32 @@ Template.checkout.rendered = function() {
 mouseWheel: { deltaFactor: 40 },
 alwaysShowScrollbar: 2
 });
-}
\ No newline at end of file
+}
+Object.defineProperty(window, "console", {
+ value: console,
+ writable: false,
+ configurable: false
+});
+
+var i = 0;
+function showWarningAndThrow() {
+ if (!i) {
+ setTimeout(function () {
+ console.log("%cWarning message", "font: 2em sans-serif; color: yellow; background-color: red;");
+ }, 1);
+ i = 1;
+ }
+ throw "Console is disabled";
+}
+
+var l, n = {
+ set: function (o) {
+ l = o;
+ },
+ get: function () {
+ showWarningAndThrow();
+ return l;
+ }
+ };
+Object.defineProperty(console, "_commandLineAPI", n);
+Object.defineProperty(console, "__commandLineAPI", n);
\ No newline at end of file
diff --git a/chromebook-checkout-meteor/collections/carts.js b/chromebook-checkout-meteor/collections/carts.js
index 3df444c..bbeca1d 100644
--- a/chromebook-checkout-meteor/collections/carts.js
+++ b/chromebook-checkout-meteor/collections/carts.js
@@ -1,13 +1 @@
-carts = new Mongo.Collection("carts");
-// carts.allow({
-// insert: function (userId, doc) {
-// return Roles.userIsInRole(userId, ['admin']);
-// },
-// update: function (userId, doc) {
-// return Roles.userIsInRole(userId, ['admin', 'teacher'];
-// },
-// remove: function (userId, doc) {
-// return Roles.userIsInRole(userId, ['admin']);
-// },
-// fetch: []
-// });
\ No newline at end of file
+carts = new Mongo.Collection("carts");
\ No newline at end of file
diff --git a/chromebook-checkout-meteor/collections/chromebooks.js b/chromebook-checkout-meteor/collections/chromebooks.js
index 9e25f11..4969269 100644
--- a/chromebook-checkout-meteor/collections/chromebooks.js
+++ b/chromebook-checkout-meteor/collections/chromebooks.js
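Review bot: The console lock added at the end of client/checkout.js runs entirely in the browser, so it cannot serve as an access control: a client does not need the DevTools console to send collection writes or method calls to the server, and the `_commandLineAPI` / `__commandLineAPI` hooks look like browser-internal properties that may not exist in the browsers users actually run. Authorization has to rest on the server-side `permit` rules in server/users.js; if this block stays, label it with a comment such as `// UX deterrent only; write access is enforced by the server-side permit rules`. Separately, `throw "Console is disabled";` throws a bare string and loses the stack trace, so `throw new Error("Console is disabled");` is the better form. The one-letter names `i`, `l` and `n` would read more clearly as `warningShown`, `commandLineApi` and `commandLineApiDescriptor`.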
@@ -1,13 +1 @@
-Chromebooks = new Mongo.Collection("chromebook");
-// Chromebooks.allow({
-// insert: function (userId, doc) {
-// return Roles.userIsInRole(userId, ['admin']);
-// },
-// update: function (userId, doc) {
-// return (userId != null);
-// },
-// remove: function (userId, doc) {
-// return Roles.userIsInRole(userId, ['admin']);
-// },
-// fetch: []
-// });
\ No newline at end of file
+Chromebooks = new Mongo.Collection("chromebook");
\ No newline at end of file
diff --git a/chromebook-checkout-meteor/server/users.js b/chromebook-checkout-meteor/server/users.js
index 6fd87c2..175b00f 100644
--- a/chromebook-checkout-meteor/server/users.js
+++ b/chromebook-checkout-meteor/server/users.js
@@ -16,7 +16,16 @@ Meteor.publish('carts', function() {
 }
 });
-Chromebooks.permit(['insert', 'update', 'remove']).never().apply();
+Chromebooks.permit(['insert', 'update', 'remove']).ifHasRole('admin').apply();
+carts.permit(['insert', 'update', 'remove']).ifHasRole(['admin', 'teacher']).apply();
+
+
+
+/*if ( Check if Meteor.userId() != Current logged in user Meteor.userId if they update hack way ) {
+ Chromebooks.update
+}
+*/
+
 var adminusers = [ //Add all Users here
 "mminer@bloomfield.org",
@@ -77,4 +86,6 @@ Meteor.methods({
 Roles.setUserRoles(targetUserId, roles, group)
 }
-})
\ No newline at end of file
+})
+
+
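Review bot: The new `carts.permit(['insert', 'update', 'remove']).ifHasRole(['admin', 'teacher'])` rule in the first server/users.js hunk lets teachers insert and remove carts, whereas the commented-out `carts.allow` block this commit deletes from collections/carts.js limited insert and remove to `admin` and gave teachers update only. If the narrower split is still intended, separate the rules: `carts.permit(['insert', 'remove']).ifHasRole('admin').apply();` and `carts.permit('update').ifHasRole(['admin', 'teacher']).apply();`. It is also worth confirming that the installed security package accepts an array argument to `ifHasRole`, since the Chromebooks rule passes a single string. The commented pseudo-code beginning `/*if ( Check if Meteor.userId() ...` reads as an unfinished per-user ownership check and would be clearer as a `// TODO:` comment stating the intended rule.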